3 comments

[ 3.5 ms ] story [ 16.8 ms ] thread
Seems to follow a familiar pattern: non cryptographic random number function and a predictable seeding mechanism used to generate authentication tokens.
Very serious handling of the issue!
That's the clearest, most concrete, and most useful response to discovering a vunlnerability in a dev infrastructure site I've ever seen.